Re: IP fragmentation problem in the 2.0 kernels ?

H. Peter Anvin (hpa@transmeta.com)
11 Sep 1997 03:23:48 GMT


Followup to: <199709100727.DAA07346@jenolan.rutgers.edu>
By author: "David S. Miller" <davem@jenolan.rutgers.edu>
In newsgroup: linux.dev.kernel
>
> Anyone know how IPv6 handles masquerade/forward/et al?
> (RFC's?) - I've only read up to 1850 (roughly)
>
> I think in IPv6, the standards are very stringent about "everybody,
> including routers and all hosts, must play the PMTU discovery game
> correctly or else" Something like that...
>

Note that a transparent-proxy (a.k.a. transport-layer) firewall causes
packet reassembly, so it will play the PMTU game separately on each
side. A packet filter (a.k.a. network-layer firewall) must pass the
relevant ICMP packets through.

Does anyone have a good list of ICMP and IGMP packets that
should/should not be safely packet filtered? I presume this will be a
list looking something like:

Type FOO can always be filtered out
Type BAR must never be filtered out
Type QUUX must only be filtered for incoming packets for which
<magic_address> is within the inside network

-hpa

-- 
    PGP: 2047/2A960705 BA 03 D3 2C 14 A8 A8 BD  1E DF FE 69 EE 35 BD 74
    See http://www.zytor.com/~hpa/ for web page and full PGP public key
Always looking for a few good BOsFH.  **  Linux - the OS of global cooperation
        I am Baha'i -- ask me about it or see http://www.bahai.org/
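
Added example, not part of the original post: a small C classifier that recognises the ICMP messages path-MTU discovery depends on, i.e. the ones a network-layer packet filter has to let through. The names classify_icmp and struct pmtu_signal and the sample byte arrays are constructed for illustration; the ICMPv6 case is included because the quoted question asks about IPv6.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result of inspecting one ICMP message for PMTU-discovery relevance. */
struct pmtu_signal {
    int is_pmtu;        /* 1 if dropping this message would break PMTU discovery */
    uint32_t next_mtu;  /* MTU reported by the router; 0 if it did not supply one */
};

/*
 * msg points at the ICMP header (IP header already stripped).
 * ipv6 == 0: ICMPv4 type 3 code 4, "fragmentation needed and DF set";
 *            RFC 1191 carries the next-hop MTU in bytes 6..7
 *            (routers predating RFC 1191 leave it zero).
 * ipv6 == 1: ICMPv6 type 2, "Packet Too Big"; the MTU is in bytes 4..7.
 */
struct pmtu_signal classify_icmp(const uint8_t *msg, size_t len, int ipv6)
{
    struct pmtu_signal r = {0, 0};

    if (msg == NULL || len < 8)          /* shorter than the fixed header */
        return r;
    if (!ipv6 && msg[0] == 3 && msg[1] == 4) {
        r.is_pmtu = 1;
        r.next_mtu = ((uint32_t)msg[6] << 8) | msg[7];
    } else if (ipv6 && msg[0] == 2) {    /* code field is ignored by receivers */
        r.is_pmtu = 1;
        r.next_mtu = ((uint32_t)msg[4] << 24) | ((uint32_t)msg[5] << 16) |
                     ((uint32_t)msg[6] << 8) | msg[7];
    }
    return r;
}

/* Constructed sample headers (checksum bytes zeroed, not verified here). */
static const uint8_t v4_frag_needed[8]  = {3, 4, 0, 0, 0, 0, 0x05, 0x78};
static const uint8_t v4_echo_request[8] = {8, 0, 0, 0, 0, 1, 0, 1};
static const uint8_t v6_too_big[8]      = {2, 0, 0, 0, 0, 0, 0x05, 0x00};

int main(void)
{
    struct pmtu_signal a = classify_icmp(v4_frag_needed, 8, 0);
    struct pmtu_signal b = classify_icmp(v4_echo_request, 8, 0);
    struct pmtu_signal c = classify_icmp(v6_too_big, 8, 1);

    printf("v4 frag-needed: pmtu=%d mtu=%u\n", a.is_pmtu, (unsigned)a.next_mtu);
    printf("v4 echo:        pmtu=%d mtu=%u\n", b.is_pmtu, (unsigned)b.next_mtu);
    printf("v6 too-big:     pmtu=%d mtu=%u\n", c.is_pmtu, (unsigned)c.next_mtu);
    return 0;
}
```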